Data Breach Nation

2008 was another banner year for data leaks. The Privacy Rights Clearing House reports that we nearly reached the 250 million mark at year’s end. Security breaches have resulted in the loss of over 246 million records of sensitive personal information since 2005, up from 100 million in 2006. As in all things technology, the theme is acceleration. As our data processing and storage have rapidly increased, so have our data breaches. Some of that growth may be due to the emergence of data breach reporting requirements. But it also can be attributed to the fact that cyber-intruders get smarter and faster all of the time and employees do not: those handling sensitive data continue to make the same foolhardy mistakes, such as leaving a laptop filled with sensitive data in unlocked car that is then stolen.

And true to this theme of acceleration, the number of computer viruses, botnets, and malware incidents increased rapidly this past year. According to the Kaspersky Security Bulletin, 2008 saw the evolution of malware 2.0 technologies and rootkits and the increased attacks on social networking sites and mobile devices.

To be sure, information security experts have their work cut out for them, battling new, and more numerous, problems. This is especially true in the public sector where cyber security is notoriously problematic. A recent report by the Center for Strategic and International Studies explains that break-ins into government computer systems are on the rise. In the last year, the Departments of Defense, State, Homeland Security, Commerce, NASA, and the National Defense University suffered major intrusions by unknown foreign entities. Computer hackers broke into the Secretary of Defense’s unclassified email and terabytes of data were lost at the State Department. The report calls for new laws and regulations governing cyberspace, including “new standards for critical infrastructure providers like the finance and energy industries and new federal product acquisition rules to force more secure products.” Hopefully, the Obama Administration and incoming Congress will commit both funds and energy to enhancing computing security.